BugZero | F5 BugID 811045 - Tmsh load sys config from-terminal merge: error fo...

F5 - Defect ID: 811045

Tmsh load sys config from-terminal merge: error for config embedded sub profile can have only a single object of any part enabled

F5 - Defect ID: 811045

Tmsh load sys config from-terminal merge: error for config embedded sub profile can have only a single object of any part enabled

Last updated on 5/29/2024

Overall: 7.77.7

Severity: 6.46.4

Community: 4.14.1

Lifecycle: 9.29.2

What is the BugZero Risk Score?

Vendor details

Priority: 4-Minor
Status: Resolved
Impact Category: TMOS

Overall: 7.77.7

Severity: 6.46.4

Community: 4.14.1

Lifecycle: 9.29.2

What is the BugZero Risk Score?

Vendor details

Priority: 4-Minor
Status: Resolved
Impact Category: TMOS

Symptoms

When merging a network sub profile using 'tmsh load sys config from-terminal merge", tmsh reports a config error. 010715e4:3: Security log profile '/Common/logpartition01' can have only a single object of any part enabled. Unexpected Error: Loading configuration process failed.

Impact

New config is not applied. Error is posted.

Conditions

-- AFM is provisioned. -- Using TMSH terminal merge. -- Specifying an existing network log profile name that does not match the name in the configuration. Following is a detailed example: -- TMSH terminal merge works when you provide an existing name under network log profile. For example, if a BIG-IP has the following config in bigip.conf: "security log profile pf-log-01 { network { /Common/logpartition01 { <--- name contains /Common/ filter { log-acl-match-accept enabled } format { type user-defined user-defined "${date_time},${bigip_hostname},${management_ip_address},${src_ip},${src_port},${dest_ip},${dest_port},${translated_src_ip},${translated_dest_ip},${translated_src_port},${translated_dest_port},${date_time},,${protocol},${action}" } publisher lp-hsl-01 } } }" -- Terminal merge does not work, if you specify a different name under network when compared to name in the config. In this case, the name of the log profile under network stored for logpartition01 is '/Common/logpartition01'. When merging a config under network, the following config reports an error: "security log profile pf-log-01 { network { logpartition01 { <--- name is logpartition01, but not '/Common/logpartition01' filter { log-acl-match-accept enabled } format { type user-defined user-defined "${date_time},${bigip_hostname},${management_ip_address},${src_ip},${src_port},${dest_ip},${dest_port},${translated_src_ip},${translated_dest_ip},${translated_src_port},${translated_dest_port},${date_time},,${protocol},${action}" } publisher lp-hsl-01 } } }"

Workaround

While merging the config, specify the exact name of the profile that is already present in the config files. Note: The name of the sub-profile can be found in /config/bigip.conf file on the BIG-IP system.

Fix Information

None

Original Vendor Announcement

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

F5 - Defect ID: 811045

Tmsh load sys config from-terminal merge: error for config embedded sub profile can have only a single object of any part enabled

F5 - Defect ID: 811045

Tmsh load sys config from-terminal merge: error for config embedded sub profile can have only a single object of any part enabled

Last updated on 5/29/2024

Vendor details

Vendor details

Description

Symptoms

Impact

Conditions

Workaround

Fix Information

Links

Top F5 defects by risk score

Ready to prevent the next vendor outage?